
Intelligence Brief

Malicious Axios npm packages used to deploy WAVESHAPER.V2 RAT

A researcher says malicious npm packages [email protected] and [email protected] were published briefly and used to deploy WAVESHAPER.V2, a cross-platform RAT attributed to UNC1069. The malware was delivered via a post-install hook, meaning no user clicks were required beyond a normal npm install, and it’s believed at least one security council member’s key may have been exfiltrated during the ~3-hour window.
Apr 1 22:16

CT spent the day watching stolen funds move. By evening, the more uncomfortable question showed up: how did the attacker get the keys in the first place?

Earlier today, Helius engineer and security researcher Ichigo posted that malicious versions of the widely used JavaScript library Axios, [email protected] and [email protected], were briefly published to npm on March 31 between 00:21 and 03:20 UTC. According to Ichigo, those packages deployed WAVESHAPER.V2, a cross-platform remote access trojan attributed to UNC1069, through a post-install hook. That means the malware ran during a normal npm install, with no extra user action required. [1]
The claim matters well beyond a routine software supply-chain warning because Ichigo tied the tainted packages to key theft. He wrote that it is believed at least one security council member had a key silently exfiltrated during that roughly three-hour window. He did not identify the council, the protocol, or the exact type of key, but the implication is serious: a compromised signing key can turn a developer workstation infection into a protocol-level incident. [1]
That timing now looks especially relevant after today's suspected Drift Protocol exploit, which saw more than $270 million in assets moved out and rapidly swapped, bridged, and converted into Ethereum. Drift previously said it was observing unusual activity and warned users not to deposit while funds remained at risk. Ichigo's post does not explicitly name Drift, and no direct attribution has been confirmed in the tweet itself, but the reference to a security council member and key extraction immediately sharpened industry focus on whether a trusted signer or privileged operator was compromised upstream. [1]
Technically, the attack vector is the kind developers worry about for good reason. Axios is one of the most common HTTP client packages in the JavaScript ecosystem, used across front ends, back ends, scripts, and CI pipelines. A malicious release hidden behind a familiar dependency name can hit laptops, build servers, or automated deployment environments unevenly and fast. Because the payload was delivered in a post-install step, conventional assumptions like "we only installed dependencies, we did not execute app code" do not hold.
The short exposure window does not reduce the significance much. In crypto, a few hours is plenty if the target list is curated and the malware is designed for credential theft. If the exfiltrated material included wallet seed phrases, hardware wallet backups, SSH credentials, cloud tokens, or governance signing keys stored on disk or passed through the host, downstream damage could extend well past the machine that ran the install.
The market had already been repricing protocol risk around Drift. On MEXC, DRIFT traded at $0.0505 at the time of writing, down 25.62 percent over 24 hours, with volume near $934,700 and an intraday range from $0.0468 to $0.0728. That move cannot be pinned on Ichigo's tweet alone, and no confirmed line has yet been drawn between the npm compromise and Drift's losses. Still, supply-chain attacks that plausibly touch governance or council keys tend to hit confidence fast because they challenge one of crypto's favorite assumptions: that the critical path is secured if the contracts are sound. [2]
The practical takeaway is straightforward. Teams that installed [email protected] or [email protected] during the March 31 window should treat those systems as potentially compromised, rotate credentials, review signing infrastructure, and audit any privileged actions that followed. For everyone else, the next catalyst is disclosure: whether affected protocols name the compromised party, whether any signer sets are rotated, and whether incident responders can connect this npm event to the wallet flows already on-chain. If that link gets confirmed, this stops being a bad package story and becomes a governance security story. In crypto, that is usually where the real damage starts.

Original tweet